Pure Storage Purity FA/Purity FB Restricted Shell access control

A vulnerability was found in Pure Storage Purity FA and Purity FB (the affected version is unknown). It has been classified as critical. This affects an unknown code block of the component Restricted Shell. Upgrading eliminates this vulnerability.

Timeline

The analysis of the timeline helps to identify the required approach and handling of single vulnerabilities and vulnerability collections. This overview makes it possible to see less important slices and more severe hotspots at a glance. It also makes it possible to initiate an immediate vulnerability response and to prioritize issues.

[Charts: history entries by User, Field, Commit Conf, and Approve Conf]
| ID | Committed | User | Field | Change | Remarks | Accepted | Reason | C |
|---|---|---|---|---|---|---|---|---|
| 12642408 | 06/23/2022 | VulD... | price_0day | $0-$5k | see exploit price documentation | 06/23/2022 | accepted | 90 |
| 12642407 | 06/23/2022 | VulD... | cvss3_meta_tempscore | 7.6 | see CVSS documentation | 06/23/2022 | accepted | 90 |
| 12642406 | 06/23/2022 | VulD... | cvss3_meta_basescore | 8.0 | see CVSS documentation | 06/23/2022 | accepted | 90 |
| 12642405 | 06/23/2022 | VulD... | cvss3_vuldb_tempscore | 7.6 | see CVSS documentation | 06/23/2022 | accepted | 90 |
| 12642404 | 06/23/2022 | VulD... | cvss3_vuldb_basescore | 8.0 | see CVSS documentation | 06/23/2022 | accepted | 90 |
| 12642403 | 06/23/2022 | VulD... | cvss2_vuldb_tempscore | 6.7 | see CVSS documentation | 06/23/2022 | accepted | 90 |
| 12642402 | 06/23/2022 | VulD... | cvss2_vuldb_basescore | 7.7 | see CVSS documentation | 06/23/2022 | accepted | 90 |
| 12642401 | 06/23/2022 | VulD... | cvss3_vuldb_e | X | derived from historical data | 06/23/2022 | accepted | 80 |
| 12642400 | 06/23/2022 | VulD... | cvss3_vuldb_av | A | derived from historical data | 06/23/2022 | accepted | 80 |
| 12642399 | 06/23/2022 | VulD... | cvss2_vuldb_e | ND | derived from historical data | 06/23/2022 | accepted | 80 |
| 12642398 | 06/23/2022 | VulD... | cvss2_vuldb_au | S | derived from historical data | 06/23/2022 | accepted | 80 |
| 12642397 | 06/23/2022 | VulD... | cvss2_vuldb_av | A | derived from historical data | 06/23/2022 | accepted | 80 |
| 12642396 | 06/23/2022 | VulD... | cvss2_vuldb_rl | OF | derived from vuldb v3 vector | 06/23/2022 | accepted | 80 |
| 12642395 | 06/23/2022 | VulD... | cvss2_vuldb_rc | C | derived from vuldb v3 vector | 06/23/2022 | accepted | 80 |
| 12642394 | 06/23/2022 | VulD... | cvss2_vuldb_ai | C | derived from vuldb v3 vector | 06/23/2022 | accepted | 80 |
| 12642393 | 06/23/2022 | VulD... | cvss2_vuldb_ii | C | derived from vuldb v3 vector | 06/23/2022 | accepted | 80 |
| 12642392 | 06/23/2022 | VulD... | cvss2_vuldb_ci | C | derived from vuldb v3 vector | 06/23/2022 | accepted | 80 |
| 12642391 | 06/23/2022 | VulD... | cvss2_vuldb_ac | L | derived from vuldb v3 vector | 06/23/2022 | accepted | 80 |
| 12642390 | 06/23/2022 | VulD... | date | 1655935200 (06/23/2022) | | 06/23/2022 | accepted | 90 |
| 12642389 | 06/23/2022 | VulD... | cve_nvd_summary | Pure Storage FlashArray products running Purity//FA 6.2.0 - 6.2.3, 6.1.0 - 6.1.12, 6.0.0 - 6.0.8, 5.3.0 - 5.3.17, 5.2.x and prior Purity//FA releases, and Pure Storage FlashBlade products running Purity//FB 3.3.0, 3.2.0 - 3.2.4, 3.1.0 - 3.1.12, 3.0.x and prior Purity//FB releases are vulnerable to a privilege escalation via the manipulation of environment variables which can be exploited by a logged-in user to escape a restricted shell to an unrestricted shell with root privileges. No other Pure Storage products or services are affected. Remediation is available from Pure Storage via a self-serve “opt-in” patch, manual patch application or a software upgrade to an unaffected version of Purity software. | cve.org | 06/23/2022 | accepted | 90 |

18 more entries are not shown
